South Korean authorities have successfully extradited a Chinese national suspected of orchestrating one of the most sophisticated hacking operations targeting high-profile individuals and financial institutions. The 34-year-old suspect, identified only as Mr. G, was repatriated from Bangkok, Thailand, on August…
Category: Cyber Security News
MathWorks Confirms Cyberattack, User Personal Information Stolen
MathWorks, Inc., the developer of the popular MATLAB and Simulink software, confirmed today that it was the target of a significant cyberattack, resulting in the theft of sensitive personal information belonging to an undisclosed number of users. In a notice…
BadSuccessor Post-Patch: Leveraging dMSAs for Credential Acquisition and Lateral Movement in Active Directory
Microsoft’s recent patch for the BadSuccessor vulnerability (CVE-2025-53779) has successfully closed the direct privilege escalation path, but security researchers warn that the underlying technique remains viable for sophisticated attackers. While the patch prevents immediate Domain Admin escalation through one-sided delegated…
Hackers Abuse Microsoft Teams to Gain Remote Access With PowerShell-based Malware
Cybercriminals are increasingly weaponizing Microsoft Teams, exploiting the platform’s trusted role in corporate communications to deploy malware and seize control of victim systems. In a sophisticated campaign, threat actors are impersonating IT support staff in Microsoft Teams chats to trick…
Hackers Attempted to Misuse Claude AI to Launch Cyber Attacks
Anthropic has thwarted multiple sophisticated attempts by cybercriminals to misuse its Claude AI platform, according to a newly released Threat Intelligence report. Despite layered safeguards designed to prevent harmful outputs, malicious actors have adapted to exploit Claude’s advanced capabilities, weaponizing…
Farmers Insurance Cyber Attack – 1.1 Million Customers Data Exposed in Salesforce Attack
Farmers Insurance Exchange and its subsidiaries recently disclosed a significant security incident that compromised personal information of approximately 1.1 million customers through an unauthorized access to a third-party vendor’s database. The breach, which occurred on May 29, 2025, represents one…
Cisco Nexus 3000 and 9000 Series Vulnerability Let Attackers Trigger DoS Attack
Cisco has issued a High-severity security advisory alerting customers to a critical vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of NX-OS Software for Cisco Nexus 3000 and 9000 Series switches. Tracked as CVE-2025-20241 with a CVSS base score of…
Nevada IT Systems Hit by Cyberattack – State Office Closed for Two Days
A significant cyberattack disrupted Nevada’s state government network on August 24, forcing all state office branches to shut down operations for 48 hours. The intrusion began with the exploitation of an unpatched VPN gateway, allowing the threat actor to gain…
Threat Actors Abuse Velociraptor Incident Response Tool to Gain Remote Access
A sophisticated intrusion in which threat actors co-opted the legitimate, open-source Velociraptor digital forensics and incident response (DFIR) tool to establish a covert remote access channel. This represents an evolution from the long-standing tactic of abusing remote monitoring and management…
Cisco IMC Virtual Keyboard Video Monitor Let Attacker Direct User to Malicious Website
Cisco disclosed a high-severity open redirect vulnerability in the Virtual Keyboard Video Monitor (vKVM) component of its Integrated Management Controller (IMC). Tracked as CVE-2025-20317 with a CVSS 3.1 base score of 7.1, the vulnerability could enable an unauthenticated remote attacker…
UTG-Q-1000 Group Weaponizing Subsidy Schemes to Exfiltrate Sensitive Data
The emergence of sophisticated cybercriminal organizations continues to pose significant threats to individuals and institutions worldwide, with the UTG-Q-1000 group representing one of the most concerning developments in recent cybersecurity history. This highly organized criminal network has demonstrated exceptional technical…
New Research Highlights Emulating Tactics of Scattered Spider in Realistic Scenarios
New findings from Lares Labs underscore the importance of realistic threat emulation exercises that mirror the sophisticated tactics of the Scattered Spider APT group. By integrating real-world incident data into controlled simulations, organizations can proactively assess defenses across networks, endpoints,…
New TamperedChef Attack With Weaponized PDF Editor Steals Sensitive Data and Login Credentials
A sophisticated malware campaign that weaponizes a seemingly legitimate PDF editor to steal sensitive data and login credentials from unsuspecting users across Europe. The attack uncovered by Truesec, dubbed “TamperedChef,” represents a new evolution in social engineering tactics that leverage…
FreePBX Servers Hacked in 0-Day Attack – Admins are Urged to Disable Internet Access
A critical zero-day exploit targeting exposed FreePBX 16 and 17 systems. Threat actors are abusing an unauthenticated privilege escalation vulnerability in the commercial Endpoint Manager module, allowing remote code execution (RCE) when the Administrator Control Panel is reachable from the…
Cloudflare Launches MCP Server Portals – A Unified Gateway to All MCP Servers
Cloudflare today launched MCP Server Portals in open beta, a groundbreaking capability designed to centralize, secure, and observe all Model Context Protocol (MCP) connections in an organization. By routing every MCP request through a single portal endpoint, Cloudflare One customers…
CISA Publish Hunting and Mitigation Guide to Defend Networks from Chinese State-Sponsored Actors
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), alongside the NSA, FBI, and a broad coalition of international partners, has released a comprehensive cybersecurity advisory detailing a widespread espionage campaign by People’s Republic of China (PRC) state-sponsored actors targeting critical…
NX Build Tool Hacked with Malware That Checks for Claude or Gemini to Find Wallets and Secrets
Over 1,400 developers discovered today that a malicious post-install script in the popular NX build kit silently created a repository named s1ngularity-repository in their GitHub accounts. This repository contains a base64-encoded dump of sensitive data wallet files, API keys, .npmrc…
CrowdStrike Set to Acquire Onum in $290 Million Deal to Enhance Falcon Next-Gen SIEM
Global cybersecurity leader CrowdStrike announced its intention to acquire Onum, a pioneer in real-time telemetry pipeline management, in a deal reportedly valued at $290 million. The acquisition, unveiled Wednesday, aims to significantly enhance CrowdStrike’s Falcon Next-Gen SIEM platform, transforming it…
Kea DHCP Server Vulnerability Let Remote Attacker With a Single Crafted Packet
A newly disclosed vulnerability in the widely used ISC Kea DHCP server poses a significant security risk to network infrastructure worldwide. The flaw, designated CVE-2025-40779, allows remote attackers to crash DHCP services with just a single maliciously crafted packet, potentially…
TAG-144 Actors Attacking Government Entities With New Tactics, Techniques, and Procedures
Over the past year, a shadowy threat actor known as TAG-144—also tracked under aliases Blind Eagle and APT-C-36—has intensified operations against South American government institutions. First observed in 2018, this group has adopted an array of commodity remote access trojans…